Wiz Finds AI Has Moved From Tool to Infrastructure, Broadening the Attack Surface

The rapid migration of artificial intelligence from experimental tools to foundational cloud services is reshaping the security landscape. Wiz’s latest research indicates that the majority of enterprises now embed AI directly into their infrastructure, with managed services and self‑hosted models becoming default components. This ubiquity means that AI is no longer an optional add‑on but a critical asset that must be inventoried, monitored, and protected like any other workload, especially as regulated sectors such as finance and aerospace accelerate adoption.

With AI woven into the fabric of cloud environments, new vulnerabilities emerge from both the models themselves and the supply chains that deliver them. Incidents like the Probllama remote‑code‑execution flaw and the singularity supply‑chain attack illustrate how attackers can exploit AI‑enabled tools to gain footholds and harvest credentials. The report highlights that 42% of organizations depend on a single model, creating concentration risk, while only a handful deploy a diversified portfolio, leaving many exposed to systemic weaknesses that can propagate at scale.

Wiz recommends a paradigm shift: AI must be governed with the same rigor as traditional infrastructure. This entails comprehensive asset inventories, strict configuration reviews, robust identity governance, and continuous exposure management across cloud, application, and data teams. By integrating AI security into existing governance frameworks, enterprises can mitigate inherited risks, reduce the attack surface, and keep pace with the accelerating pace of AI‑driven exploit development.